The burn address is an address for which there is no corresponding private key. Any assets sent there will therefore not be recoverable, by the administrator or anyone else.
The method for generating the burn address with all the X's is quite complex, and it's in the MultiChain source code if you want to see it. But any random address (not generated from a private key) can be used as an effective burn address. You can use the instructions on the page below, starting at step 4 with a random 40 character hexadecimal string instead of something calculated from something else:
Any burn addresses does need to be given receive permissions to have assets sent there. But there is no point giving the burn address send permissions, since it's not possible for anyone to sign a transaction on its behalf. Therefore it also cannot be used as the source for publishing to a stream.
If your interest in the burn address is to publish to a stream without sending any assets anywhere, then you don't need to worry about that. MultiChain takes care of that automatically using APIs like publishfrom.